SSO Principles of Operation

Uniform conventions for resource access and Single Sign On (SSO) used in these domains.

  • Agent Tuple

    An ordered tuple factor-0, factor-1, ... carries the context of the domain user. To the extent possible the system avoids exposing the detailed semantics of the elements.

  • Multi Factor Authentication

    A role secret pair never is a stand alone pass to high privilege levels. The default additional method is QR code scanned by a mobile device.

  • Transparent/Automatic Operation

    To the extent possible, the system operates automatically with minimized user interaction.